CISA Known Exploited Vulnerabilities (KEV)

CVE-2010-4398 - Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability -

Action Due Apr 21, 2022 Target Vendor : Microsoft

Description : Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4398

CVE-2022-1096 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Google

Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1096

CVE-2021-26085 - Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Atlassian

Description : Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-26085

CVE-2016-7201 - Microsoft Edge Memory Corruption Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7201

CVE-2013-3660 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Microsoft

Description : The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-3660

CVE-2012-2034 - Adobe Flash Player Memory Corruption Vulnerability -

Action Due Apr 18, 2022 Target Vendor : Adobe

Description : Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-2034

CVE-2020-1956 - Apache Kylin OS Command Injection Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Apache

Description : Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1956

CVE-2020-2021 - Palo Alto Networks PAN-OS Authentication Bypass Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Palo Alto Networks

Description : Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2021

CVE-2022-26143 - MiCollab, MiVoice Business Express Access Control Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Mitel

Description : A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26143

CVE-2022-21999 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-21999

CVE-2021-42237 - Sitecore XP Remote Command Execution Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Sitecore

Description : Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42237

CVE-2021-22941 - Citrix ShareFile Improper Access Control Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Citrix

Description : Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22941

CVE-2020-9377 - D-Link DIR-610 Devices Remote Command Execution -

Action Due Apr 15, 2022 Target Vendor : D-Link

Description : D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9377

CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -

Action Due Apr 15, 2022 Target Vendor : OpenBSD

Description : smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7247

CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability -

Action Due Apr 15, 2022 Target Vendor : VMware Tanzu

Description : Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5410

CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Sophos

Description : A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25223

CVE-2020-2506 - QNAP Helpdesk Improper Access Control Vulnerability -

Action Due Apr 15, 2022 Target Vendor : QNAP Systems

Description : QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2506

CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Drupal

Description : In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-6340

CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -

Action Due Apr 15, 2022 Target Vendor : D-Link

Description : Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16920

CVE-2019-15107 - Webmin Command Injection Vulnerability -

Action Due Apr 15, 2022 Target Vendor : Webmin

Description : An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15107